[30451] in Kerberos


kadmin help when using LDAP db (MIT kerberos)

daemon@ATHENA.MIT.EDU (Robert Marcano)
Fri Nov 14 11:58:14 2008

From: Robert Marcano <robert@marcanoonline.com>
To: kerberos@mit.edu
Date: Fri, 14 Nov 2008 12:26:30 -0430
Message-Id: <1226681790.3491.15.camel@localhost.localdomain>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu

I am relatively new to Kerberos, and as part of the installation of
FreeIPA, I am writing a script to be used by Samba for password changes.
I read about kadmin.local but the man page says

"If the database is LDAP, kadmin.local need not be run on the KDC."

so I am unable to use it instead of kadmin that requires a password that
I do not understand very well how to supply. The first time I started the
kadmin service on a CentOS server, it said it was adding a few
principals with these two commands:


/usr/kerberos/sbin/kadmin.local ${KRB5REALM:+-r $KRB5REALM} -q "ktadd -k /var/kerberos/krb5kdc/kadm5.keytab kadmin/admin${KRB5REALM:+@$KRB5REALM} kadmin/changepw${KRB5REALM:+@$KRB5REALM}"
/usr/kerberos/sbin/kadmin.local ${KRB5REALM:+-r $KRB5REALM} -q "ktadd -k /var/kerberos/krb5kdc/kadm5.keytab kadmin/`hostname`${KRB5REALM:+@$KRB5REALM}" 2> /dev/null && success

This immediately disabled the usage of kpasswd (unable to find KDC
error) or kinit with an expired password.

How can I use the network version of kadmin in order to change a user
password? Which principal can I use with the right privileges?

"change_password: Operation requires ``change-password'' privilege while
changing password for ..."

Does kadmin only replace the password, or does it reset the last password
change date/time and related fields?

Thanks in advance

________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
